fix: disallow users from viewing other user's profile on config

[dpgaspar]

SUMMARY

Allowing users to access each others profiles is not ideal and can give unwanted access to lightly sensitive (private) data, that option is not ideal to every company, but can be perfectly fine for others.

ENABLE_BROAD_ACTIVITY_ACCESS is a config option that is already in-place and restricts access for a user to access other user's activity access. That data is shown on the profile page.

This PR leverages the same config key to enable/disable links and access to profiles from dashboards and charts.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

With ENABLE_BROAD_ACTIVITY_ACCESS = True (default) nothing changes

With ENABLE_BROAD_ACTIVITY_ACCESS = False

Trying to access other user's profile, by changing the URL directly:

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[codecov]

Codecov Report

Merging #21302 (8b1bd5a) into master (ad34f9d) will increase coverage by 0.05%.
The diff coverage is 73.20%.

❗ Current head 8b1bd5a differs from pull request most recent head 9c8d88a. Consider uploading reports for the commit 9c8d88a to get more accurate results

@@            Coverage Diff             @@
##           master   #21302      +/-   ##
==========================================
+ Coverage   66.44%   66.50%   +0.05%     
==========================================
  Files        1784     1789       +5     
  Lines       68237    68381     +144     
  Branches     7263     7279      +16     
==========================================
+ Hits        45342    45474     +132     
+ Misses      21026    21020       -6     
- Partials     1869     1887      +18     

Flag	Coverage Δ
hive	52.94% <46.35%> (-0.05%)	⬇️
mysql	80.82% <75.49%> (+<0.01%)	⬆️
postgres	80.87% <75.49%> (+<0.01%)	⬆️
presto	52.84% <46.35%> (-0.05%)	⬇️
python	81.33% <75.49%> (-0.02%)	⬇️
sqlite	79.42% <75.49%> (-0.01%)	⬇️
unit	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...cy-preset-chart-nvd3/src/TimePivot/controlPanel.ts	50.00% <ø> (ø)
...hart-echarts/src/MixedTimeseries/transformProps.ts	0.00% <0.00%> (ø)
superset-frontend/src/SqlLab/App.jsx	0.00% <0.00%> (ø)
...d/src/SqlLab/components/TabbedSqlEditors/index.jsx	54.23% <0.00%> (-0.94%)	⬇️
...ntend/src/SqlLab/components/TableElement/index.tsx	72.30% <ø> (ø)
...tend/src/dashboard/components/AnchorLink/index.tsx	81.25% <ø> (ø)
superset-frontend/src/utils/localStorageHelpers.ts	90.00% <ø> (ø)
superset-frontend/src/views/App.tsx	0.00% <0.00%> (ø)
...aseModal/DatabaseConnectionForm/EncryptedField.tsx	10.00% <ø> (ø)
...c/views/CRUD/data/database/DatabaseModal/styles.ts	76.69% <ø> (ø)
... and 58 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[geido]

A minor enhancement, but since this is the same as the one below, can you please put it in a separate constant and just reference it in both places

[geido]

Looking at the code we are just removing the links to the profiles. Is there anything else that is actually blocking the user to visit a profile?

[dpgaspar]

Yes, on the backend change, the call to get_user_activity_access_error will assert if ENABLE_BROAD_ACTIVITY_ACCESS is True or not, if it's False and the user_id is not equal to the current user, the response will be 403 with an error msg. Following same pattern already in-place on other endpoints on /superset.

[geido]

Ok thanks for adding that

[geido]

LGTM!

[villebro]

LGTM with a miniscule nit

[villebro]

Probably better safe than sorry, but in a similar context on the backend we always do config["ENABLE_BROAD_ACTIVITY_ACCESS"] instead of ``config.get("ENABLE_BROAD_ACTIVITY_ACCESS")`, since we assume the variable should always be defined. So maybe we could get by with

Suggested change

	bootstrapData?.common?.conf?.ENABLE_BROAD_ACTIVITY_ACCESS || false;
	bootstrapData?.common?.conf?.ENABLE_BROAD_ACTIVITY_ACCESS;

(arguably that whole bootstrapData object with all nested fields should also be fully available)

[villebro]

same here